Comment by casty
14 hours ago
I can confirm. Interestingly they actually put a random USDC transaction number from Coinbase which was very close (close enough that I thought it was accurate) of a transaction I actually did on Coinbase at one point. I was so confused so I ended up calling the number but immediately realized once they picked up what was going on. Essentially they got really lucky that my actual transaction amount was close enough to seem plausible.
This is a failure on PayPal’s email template that the freeform text field appears just as legit as other items. The text label was something like “Message from Sender”.
> This is a failure on PayPal’s email template that the freeform text field appears just as legit as other items.
This is a somewhat common pattern in scams - abusing freeform text fields in emails or other messages to give the impression that a message is coming from a source that didn't intend to send it.
Another variant I've seen is malicious URLs linking to search engines which display the user's search terms, e.g. a link to a Microsoft site search with a prefilled search of "YOU HAVE A VIRUS, CALL MICROSOFT SUPPORT 555-1212".